Privacy Policy

In accordance with EU Regulation no. 679 of 2016 and Legislative Decree no. 196 of 2003 concerning the protection of personal data, you are hereby informed that the Data Controller is “Le Dimore del Toscano” (hereinafter referred to as “the Data Controller”). Personal data is processed in full compliance with EU Regulation 679/2016 and Legislative Decree 196/2003 and subsequent amendments.

The data provided by you (hereinafter referred to as “the Data Subject”) will be used solely to respond to your requests and may be communicated to third parties only if necessary for this purpose or with your explicit consent. The data will be processed by personnel appointed by the Data Controller using procedures, technical, and computer tools suitable to protect the confidentiality and security of the Data Subject’s data.

The processing of data includes their collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination, deletion, and destruction, including the combination of two or more of the aforementioned activities. The data will be kept for the time strictly necessary to provide the services requested by the Data Subject and will be deleted upon the Data Subject’s request, subject to further retention obligations imposed by law. The Data Subject’s data will not be disclosed.

In the course of its activities and for the purposes stated above, the Data Controller may use services provided by third parties operating on behalf of the Data Controller and according to its instructions, such as data processors. These may include suppliers, business and production partners, intermediaries, technical consultants, and other similar subjects collaborating with our organization to fulfill contractual obligations assumed with you, as well as subjects providing a service strictly and necessarily connected to the Data Controller’s activity, such as tax consultants, banks, shippers, insurers, public and private entities, even in relation to inspections or verifications; subjects who may access the data by virtue of legal provisions.

The data may also be communicated to all those subjects authorized by law to collect them (e.g. provincial health services, tax authorities, etc.). The Data Subject may request a complete and updated list of the subjects appointed as data processors by contacting the contact below.

DATA SUBJECT RIGHTS

Right of access (Art. 15 GDPR): The Data Subject has the right to obtain confirmation of whether or not personal data concerning them is being processed and to lodge a complaint with the supervisory authority. Right to rectification (Art. 16 GDPR): The Data Subject has the right to obtain from the Data Controller the rectification of inaccurate personal data concerning them. Right to erasure (right to be forgotten) (Art. 17 GDPR): The Data Subject has the right to obtain from the Data Controller the erasure of personal data concerning them without undue delay. Right to restriction of processing (Art. 18 GDPR): The Data Subject has the right to obtain a restriction of data processing. Duty of notification (Art. 19 GDPR): The Data Controller communicates any rectifications or erasures or restrictions of processing carried out pursuant to Articles 16, 17, and 18 to each of the recipients to whom the personal data has been disclosed. Right to data portability (Art. 20 GDPR): The Data Subject has the right to receive the personal data concerning them provided to the Data Controller and has the right to transmit such data to another data controller without hindrance from the Data Controller. Right to object (Art. 21 GDPR): The Data Subject has the right to object to the processing of their personal data. Profiling (Art. 22 GDPR): The Data Subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.

The Data Controller is: Le Dimore del Toscano.

ART. 7 – RIGHT OF ACCESS TO PERSONAL DATA AND OTHER RIGHTS

The Data Subject has the right to obtain confirmation of the existence or non-existence of personal data concerning them, even if not yet recorded, and their communication in an intelligible form.

The Data Subject has the right to obtain information concerning: a) the origin of the personal data; b) the purposes and methods of processing; c) the logic applied in case of processing carried out with the aid of electronic instruments; d) the identifying details of the Data Controller, Data Processors, and the designated representative under Article 5, paragraph 2; e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it in their capacity as designated representatives in the territory of the State, Data Processors or persons in charge.

The Data Subject has the right to obtain: a) updating, rectification, or, when interested, integration of data; b) erasure, transformation into anonymous form, or blocking of data processed unlawfully, including data that does not need to be retained in relation to the purposes for which the data was collected or subsequently processed; c) certification that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data has been communicated or disclosed, except in the case where such fulfillment is impossible or involves the use of means manifestly disproportionate to the protected right.

The Data Subject has the right to object, in whole or in part: a) for legitimate reasons to the processing of personal data concerning them, even if pertinent to the purpose of collection; b) to the processing of personal data concerning them for the purpose of sending advertising materials or direct selling or for the performance of market research or commercial communication.

DATA CONTROLLER

Pursuant to Art. 28 of Legislative Decree no. 196/2003: The Data Controller for personal data processing is Le Dimore del Toscano.

LINKS TO OTHER SITES

The sites to which we link, including (but not limited to) secondary sites and third-party service providers, may have a different privacy policy than the one outlined here. We assume no responsibility for the privacy policies of linked sites and therefore encourage you to become aware of them.

CHILDREN

We do not intend to collect personal information from anyone under the age of 16. If you are under 16, you should not make an online reservation or any information requests but should ask a parent to do so on your behalf.

QUESTIONS OR CONCERNS

At any time, if you believe that the Data Controller has not followed the above policy, please notify us by sending an email to info@ledimoredeltoscano.it, and we will try our best to identify and resolve any issues.

CHANGES TO THIS ONLINE PRIVACY POLICY

We may change this Privacy Statement from time to time to address changes in regulations, business needs, or to meet the requirements of our visitors, guests, market partners, and service providers. Updated versions will be posted on our website, along with update dates, to inform you of the latest privacy policy update.